Author: Melodie Foster

Date: 8th March 2021

 

Hundreds of thousands of companies across the world are being hacked and having emails stolen due to four newly discovered vulnerabilities in Microsoft Exchange Server. More worryingly, the attackers are implanting victim organisations with tools that give them complete remote control over the affected systems.

The vulnerabilities were first used to steal victims’ emails from Internet-facing systems running Exchange and a few days later had dramatically ramped up attacks on any unpatched, vulnerable Exchange servers worldwide. The attackers left behind a “web-shell” which is a password-protected hacking tool which gives the attacker administrative access to the victims’ computer servers.

Volexity President said about the flaw, “We’ve worked on dozens of cases so far where web shells were put on the victim system back on Feb. 28 [before Microsoft announced its patches], all the way up to today. Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server. The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”

Microsoft have urged clients to “apply updates as soon as possible across all impacted systems.” Although, patching these four flaws will only block the four ways attackers have been using to get in, it does not do anything against damage that may have already been done.

Security researchers have published tools to detect vulnerable servers and according to KrebsOnSecurity, companies who have been hacked include “banks, credit unions, non-profits, telecommunications providers, public utilities and police, fire and rescue units.”

Microsoft have said that the vulnerability does not affect customers that are running its Exchange Online service but many companies that have been attacked are running an Internet-facing Microsoft Outlook Web Access emails system together with Exchange servers internally. [1]

[1] https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/

 

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >